Privacy Policy | Wau Books
[Wau Books](https://waubooks.com/)
[Discover](https://waubooks.com/discover) [Journal](https://waubooks.com/journal) [About](https://waubooks.com/about) [Contact](https://waubooks.com/contact)
[Sign in](https://waubooks.com/account/login) [Browse books](https://waubooks.com/discover)
[← Legal](https://waubooks.com/)
1. [Home](https://waubooks.com/)/
2. Legal/
3. Privacy Policy
# Privacy Policy
Last updated: 17 April 2026
This policy explains what personal data we collect, why we collect it, and how you can control it. Wau Books has both a discovery layer and an e-commerce layer for Waubooks Originals sold directly through our store, and this policy covers both.
## Data overview
| What we collect | Why | How long we keep it | Third parties involved |
| --- | --- | --- | --- |
| Account email address (Supabase Auth) | To create and authenticate your account when purchasing directly from us | Until you request deletion | Supabase (database + auth hosting) |
| Password credential (hashed, never plain text) | To verify identity during sign-in | Until account deletion | Supabase Auth |
| Order records (items, quantities, totals, payment status, Stripe session and intent IDs) | To fulfil your order and provide order history in your account | Retained for financial and operational records | Supabase (database hosting), Stripe (payment processing) |
| Shipping address (name, address, city, postcode, country) | To deliver print-on-demand physical books to you | Retained with the order record and used only for fulfilment | Supabase, Stripe Checkout, print-on-demand fulfilment partner |
| Stripe payment card data | To process payment securely | Not collected or stored by us | Stripe (hosted checkout, PCI-compliant) |
| Affiliate click events (title, retailer, timestamp, referrer, user agent) | To understand which books and retailers our visitors find useful, and to verify affiliate commissions | Indefinitely (anonymised after 12 months) | Supabase (database hosting) |
| Contact form submissions (name, email, reason, message) | To respond to reader and partner inquiries | Retained in our email workflow only as long as needed to resolve the inquiry | Email provider (Resend, if configured) |
| Newsletter email address | To send periodic reading recommendations | Until you unsubscribe | Supabase (database hosting), email provider when newsletters are sent |
| Basic analytics (page views, referrer, device type) | To understand how visitors use the site and improve content | Aggregated, no personal identifiers retained | Cloudflare Web Analytics (cookieless) |
Account email address (Supabase Auth)
- Why
- To create and authenticate your account when purchasing directly from us
- How long we keep it
- Until you request deletion
- Third parties involved
- Supabase (database + auth hosting)
Password credential (hashed, never plain text)
- Why
- To verify identity during sign-in
- How long we keep it
- Until account deletion
- Third parties involved
- Supabase Auth
Order records (items, quantities, totals, payment status, Stripe session and intent IDs)
- Why
- To fulfil your order and provide order history in your account
- How long we keep it
- Retained for financial and operational records
- Third parties involved
- Supabase (database hosting), Stripe (payment processing)
Shipping address (name, address, city, postcode, country)
- Why
- To deliver print-on-demand physical books to you
- How long we keep it
- Retained with the order record and used only for fulfilment
- Third parties involved
- Supabase, Stripe Checkout, print-on-demand fulfilment partner
Stripe payment card data
- Why
- To process payment securely
- How long we keep it
- Not collected or stored by us
- Third parties involved
- Stripe (hosted checkout, PCI-compliant)
Affiliate click events (title, retailer, timestamp, referrer, user agent)
- Why
- To understand which books and retailers our visitors find useful, and to verify affiliate commissions
- How long we keep it
- Indefinitely (anonymised after 12 months)
- Third parties involved
- Supabase (database hosting)
Contact form submissions (name, email, reason, message)
- Why
- To respond to reader and partner inquiries
- How long we keep it
- Retained in our email workflow only as long as needed to resolve the inquiry
- Third parties involved
- Email provider (Resend, if configured)
Newsletter email address
- Why
- To send periodic reading recommendations
- How long we keep it
- Until you unsubscribe
- Third parties involved
- Supabase (database hosting), email provider when newsletters are sent
Basic analytics (page views, referrer, device type)
- Why
- To understand how visitors use the site and improve content
- How long we keep it
- Aggregated, no personal identifiers retained
- Third parties involved
- Cloudflare Web Analytics (cookieless)
Jump to section
- [What we collect](#what-we-collect)
- [Account & authentication](#account-data)
- [Affiliate click tracking](#affiliate-clicks)
- [Payments & order history](#payment-orders)
- [Shipping address](#shipping-data)
- [Contact form submissions](#contact-form)
- [Newsletter](#newsletter)
- [Analytics & cookies](#analytics)
- [Third-party services](#third-parties)
- [Your rights](#your-rights)
- [Changes to this policy](#changes)
- [Contact us](#contact)
On this page
- [What we collect](#what-we-collect)
- [Account & authentication](#account-data)
- [Affiliate click tracking](#affiliate-clicks)
- [Payments & order history](#payment-orders)
- [Shipping address](#shipping-data)
- [Contact form submissions](#contact-form)
- [Newsletter](#newsletter)
- [Analytics & cookies](#analytics)
- [Third-party services](#third-parties)
- [Your rights](#your-rights)
- [Changes to this policy](#changes)
- [Contact us](#contact)
## What we collect
Wau Books operates in two layers. The discovery layer covers editorial content, affiliate links, newsletters, analytics, and contact forms. The e-commerce layer covers Waubooks Originals sold directly through our store, which requires an account, a Stripe payment flow, order records, and shipping information.
The data overview table above summarises the main categories we collect across both layers. If you browse the site without purchasing, you can use most of the discovery experience without creating an account.
## Account & authentication
Purchasing directly from us requires an account. We collect your email address and store your password through Supabase Auth, which keeps only a hashed credential. We never see or store your plain-text password.
If you would like your account removed, you can request deletion through our [contact form](https://waubooks.com/contact). We will delete the account record unless we need to retain parts of your order history for financial compliance.
## Affiliate click tracking
When you click an outbound link to a retailer, we log the click through our redirect system (`/out/[slug]/[retailer]`). This record includes:
- Which book and offer was clicked
- Which retailer the link pointed to
- The destination domain (not the full URL with query parameters)
- The page you were on when you clicked (referrer path — same-origin only)
- A hashed version of your IP address (not the raw IP)
- A hashed version of your user agent string
We do not store your raw IP address. The hash is used only to deduplicate clicks for analytics accuracy. It cannot be reversed to identify you. See our [affiliate disclosure](https://waubooks.com/legal/affiliate-disclosure) for more details.
## Payments & order history
When you purchase a Waubooks Original, Stripe processes the payment on its hosted checkout page. We never receive your card number, CVV, or expiry date. Stripe sends us confirmation of the completed payment together with the customer email, the items purchased, and the total amount.
We store that confirmation as your order record in our commerce tables so you can review order history in your account and so we can handle fulfilment, support, refunds, and bookkeeping.
## Shipping address
Stripe Checkout collects your shipping address as part of the payment flow for physical Waubooks Originals. We store that address in our order record so we can dispatch your order through our print-on-demand fulfilment workflow.
We use shipping information only to fulfil the order. We do not use it for marketing, and we share it only with the fulfilment partner responsible for printing and dispatching the book.
## Contact form submissions
If you contact us through the [contact form](https://waubooks.com/contact), we collect your name, email address, reason for contact, and message. This information is used only to respond to your inquiry and is delivered through our email workflow.
We do not add contact form submitters to our newsletter. You will only receive a reply to your specific inquiry.
## Newsletter
If you subscribe to our newsletter, your email address is stored in our database. We use this list to send periodic reading recommendations. We do not sell or share email addresses with third parties for marketing.
To unsubscribe, use the link in any newsletter you receive, or email us at the address listed in the Contact section below.
## Analytics & cookies
Wau Books uses Cloudflare Web Analytics, which is cookieless and does not track individual users. We see aggregate page views, referrer sources, and device types.
We do not use advertising cookies, cross-site tracking, or social media pixels. Any cookies set by the site are strictly necessary for site functionality.
## Third-party services
Wau Books uses the following third-party services that may process data:
- **Supabase** — Database and authentication hosting. Stores newsletter subscriptions, account records, order records, and tracking data under a data processing agreement.
- **Stripe** — Hosted payment processing for Waubooks Originals. Stripe handles all card data on its PCI-compliant checkout page and sends us payment confirmations.
- **Cloudflare** — Hosting, analytics, and edge security. Processes request metadata as part of normal network operation.
- **Email provider** — Sends transactional replies and newsletter emails.
- **Print-on-demand fulfilment partner** — Receives the shipping details required to print and dispatch Waubooks Originals.
- **Affiliate retailers** (Shopee, Lazada, Kinokuniya, Amazon) — When you click an affiliate link, you are redirected to their platform and subject to their privacy policies.
## Your rights
You may request access to, correction of, or deletion of any personal data we hold about you. Send requests via our [contact form](https://waubooks.com/contact). We will respond within 30 days.
This includes requests to delete your account data or the order data we can lawfully remove. Some order records may need to be retained for financial compliance even after an account deletion request. If you request deletion of your newsletter subscription, we will remove your email address from our database promptly.
## Changes to this policy
We will update the "Last updated" date at the top of this page when changes are made. Significant changes that affect your rights will be communicated via newsletter if you are subscribed.
## Contact us
For privacy-related questions or data requests, [contact us](https://waubooks.com/contact). Please include "Privacy" in your message subject so we can route it correctly.
Wau Books
Calm, editorial-first book discovery for Malaysian families who want thoughtful recommendations.
[Discover](https://waubooks.com/discover) [Journal](https://waubooks.com/journal) [About](https://waubooks.com/about) [Contact](https://waubooks.com/contact)
[Privacy Policy](https://waubooks.com/legal/privacy-policy) [Terms of Use](https://waubooks.com/legal/terms) [Affiliate Disclosure](https://waubooks.com/legal/affiliate-disclosure)
© 2026 Wau Books. Some retailer links may earn us a commission at no extra cost to you.
Built for Malaysian family reading life.
Developed by [Webfluentia](https://webfluentia.agency)